Security Overview of the BGI Online Platform
|
|
- Owen Cain
- 5 years ago
- Views:
Transcription
1 WHITEPAPER 2015 BGI Online All rights reserved Version: Draft v3, April 2015 Security Overview of the BGI Online Platform Data security is, in general, a very important aspect in computing. We put extra effort to ensure data security on BGI Online based on two reasons. First, BGI Online is a platform dealing with genomic data, which concerns individuals (say, patients) and deserves to be handled with the highest possible level of privacy protection. Second, BGI Online is an online system hosted on Amazon Web Services (AWS) cloud. Not only important genomic data, but also the analytic pipelines from different organizations and users will co-exist on a cloud platform. As a result, BGI Online is designed and built with stringent security and privacy requirement. This paper highlights the security measures designed into the BGI Online platform to ensure both the low level security and the permission control over the users on the platform. Our Approach The security design of BGI Online is divided into two levels, the infrastructure level and the business logic level. For the infrastructure level, the general security measures used by the cloud computing industry have been incorporated, which include data encryption, authentication, API rate limit, VPC protection, firewall protection and vulnerability protection. For the business logic level, the primary concern is how to support the collaborative nature of genomic cloud users, while providing an easy-to-manage, yet well-protected business logic for ensuring a secured workflow on the system. To this end, BGI Online has several tailor-made design concepts, including the de-identification of objects, fine grain access control, and the sharing mechanism of files. It has been noted that while there exist a few regulatory frameworks for governing the security and privacy of genomic data (namely, the US Health Insurance Portability and Accountability Act (HIPAA), Clinical Laboratory Improvement Amendments (CLIA), ISO/IEC 27001:2013), these regulatory frameworks do not cover concrete requirement, guidelines and regulations for handling genomic data on cloud platforms. Nevertheless, when BGI Online is designed and developed, the principles and underlying spirit of these frameworks have been observed and followed.
2 Infrastructure Level Security 1. Encryption BGI Online ensures all data handled by the system is encrypted during transfer and at rest. For the data being transfer, not a single data connection in the system allows plain data being transferred. For those connections with encryption option (e.g. HTTP/S), we will enforce the use of the encrypted option. For those connections that do not come with a built-in encryption option, BGI Online has developed and uses an encrypted version of them. For BGI Online, there are actually four different types of at rest storage: 1) The ephemeral storage used by the EC2 computation instances 2) The Tier-1 cache comprises EC2 instances with multiple ephemeral disks. 3) AWS Simple Storage Service (S3). 4) AWS Glacier. Figure 1 shows the data flow in BGI Online. BGI Online implements all types of at rest encryption. Data is by default uploaded to Tier-1 cache encrypted using an industrial standard AES256 algorithm, and at the same time synchronized to encrypted S3 bucket leveraging S3 server-side encryption. During computation, all data and temporary disk volumes are being encrypted using AES256. Infrequently accessed data would be removed from Tier-1 cache, or further moved to Glacier, which is also encrypted with AES256 on server-side, for archival. All data transfer is done through encrypted SSL/TLS channels.
3 1 User logs on BGI-Online. 2 BGI-Online creates temporary access token. 3 Using the token, data is uploaded to Engine and being de-identified. Keys to restore the data are stored in Metadata database. De-identified data are stored in Encrypted tier-1 cache and S3 bucket synchronously. 4 Once the user starts a computation, BGI-Online calculates the optimal execution plan. Final results are uploaded to Encrypted tier-1 cache. 5 Infrequently accessed data are removed from Encrypted tier-1 cache, 6 or being further archived in Encrypted Glacier Vault and removed from S3. Figure 1 Data flow in BGI Online When the data is no longer used in a particular place (e.g. on a computing node) or an authorized user decides to remove the data from BGI Online, data are wiped with U.S. Department of Energy M Standard to ensure that all data is safely. The standard uses three wiping passes: Pass 1-2: overwrite the data with a pseudo random values Pass 3: overwrite the data with zero-filled pattern 2. Authentication Authentication to the AWS instances follows the best practices advocated by Amazon. It requires a strong RSA key. This ensures that the infrastructure is well protected. On the system level, BGI Online users authenticate on the platform using user name and secure password. A time-limited temporary token will be generated upon successful authentication. This token is kept secured and being used for accessing the system for a short period of time. This limits the possibility of any hackers to obtain access to the system by brute force trial-and-error.
4 3. API Rate Limit BGI Online implements a rate limit for accessing the system. All accesses to the system, including the front-end web page operations, are done through API. For each user, there will be a maximum rate to access BGI Online s system API. This limits the possibility of malicious users to tamper the system using denial-of-service type of attacks. 4. VPC Protection All Amazon Web Services (AWS) EC2 instances used by BGI Online run within an Amazon Virtual Private Clouds (VPC). VPC provides a logically isolated section of the AWS Cloud where BGI Online launches its AWS resources in a virtual network that is specifically defined. Using VPC, BGI Online uses a specific IP address range, subnets, route tables and network gateways. 5. Firewall Protection Amazon EC2 provides security groups for BGI Online computing resources. A security group acts as a virtual firewall that controls the network traffic flowing in and out of the BGI Online computing resources. Every instance launched in BGI Online is associated with just the needed security groups. Using the rules in security group, fine grain control can be applied to allow traffic to or from other instances. 6. Vulnerability Protection BGI Online is developed using a number of third party open source libraries and software. Like every other software, these libraries may have vulnerability problem, which may be discovered over time. The BGI Online team will conduct regular vulnerability assessments in a pro-active manner. Whenever potential risks are identified, immediate remedies will be applied to ensure the system is well protected. Also, AWS does provide vulnerability checking for the users. The security guidelines and advices provided by AWS will be actively followed so as to promote the vulnerability protection of the system. Business Logic Level Security 1. De-identification of objects All entities in the BGI Online system are represented by a UUID, which is 128-bit value for guaranteeing a practical uniqueness. In practice, holding a UUID cannot determine the details of the entity. For example, getting hold of a file s UUID does not give the holder any information, i.e. name, metadata, owner, create date, belonging project, etc., about the file. Likewise, getting hold of a project s UUID does not give the holder any information about what the project is about. Though the possible values of UUID is finite, the BGI Online only use an extremely sparse subset of the values. Therefore, it is practically impossible for users to obtain information about the other users, or the other projects of the system by guessing the UUIDs or by deducing information from the UUIDs they hold.
5 2. Fine Grained Access Control Access controls on the BGI Online Platform are very fine-grained. Six permissions types including Admin, Upload, View, Modify, Run and Share are set on a per-user-per-project basis. Files are grouped under projects, and each project members can have his/her own permission towards the files. As a result, different users/members can be assigned with different privileges that allow them to access just enough information for their work only. This includes sharing of data, which can only be performed via the platform itself unless a user has the Share permission to download a file. 3. Sharing of Files on BGI Online Platform A file could be shared through link only, thus prohibiting additional copies. The accessibility of a link only shared file could be revoked immediately by unsharing or deleting the file. To account for the two natures of shared file, one is publicly shared such as 1000 genome project data; another is privately shared where the number of recipient should only be one, BGI-Online implements two sharing methods: Public: shared files could be viewed, linked or copied (if allowed) by all projects. Private (hand-shaking): Sharer shares a file to a Project ID (Recipient) provided by the recipient. The recipient needs to enter the Project ID (Sharer) that owns the shared file tolink or copy the shared file.
Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationCloud Computing /AWS Course Content
Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your
More informationCogniFit Technical Security Details
Security Details CogniFit Technical Security Details CogniFit 2018 Table of Contents 1. Security 1.1 Servers........................ 3 1.2 Databases............................3 1.3 Network configuration......................
More informationSecurity on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance
Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance Agenda: Overview AWS Regions Availability Zones Shared Responsibility Security Features Best Practices
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationSecuring Amazon Web Services (AWS) EC2 Instances with Dome9. A Whitepaper by Dome9 Security, Ltd.
Securing Amazon Web Services (AWS) EC2 Instances with Dome9 A Whitepaper by Dome9 Security, Ltd. Amazon Web Services (AWS) provides business flexibility for your company as you move to the cloud, but new
More informationCOMPLIANCE WHITE PAPER
COMPLIANCE WHITE PAPER COMPLIANCE WHITE PAPER This white paper describes how the Seven Bridges Platform enables our clients to be compliant with the regulatory frameworks that govern their work and how
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More informationShine and Security. Our app is playful and encourages sharing, but we take keeping this information secure very seriously.
Shine and Security Shine and Security Shine users entrust us with keeping track of the everyday actions they take to help them better themselves, their community and our planet. Putting our users first
More informationSecurity and Privacy Overview
Security and Privacy Overview Cloud Application Security, Data Security and Privacy, and Password Management 1 Overview Security is a growing concern and should not be taken lightly across an organization.
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationHackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm
whitepaper Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm When your company s infrastructure was built on the model of a traditional on-premise data center, security was pretty
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationAccelerating the HCLS Industry Through Cloud Computing
Accelerating the HCLS Industry Through Cloud Computing Use cloud computing to accelerate life sciences and healthcare specific workloads, and meet the unique computation, storage, security, and compliance
More information8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop
Bishop Encryption and Decryption centralized Single point of contact First line of defense If working with VPC Creation and management of security groups Provides additional networking and security options
More informationUnderstanding Perimeter Security
Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationTitle: Planning AWS Platform Security Assessment?
Title: Planning AWS Platform Security Assessment? Name: Rajib Das IOU: Cyber Security Practices TCS Emp ID: 231462 Introduction Now-a-days most of the customers are working in AWS platform or planning
More informationBest Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ
Best Practices for Cloud Security at Scale Phil Rodrigues Security Solutions Architect Web Services, ANZ www.cloudsec.com #CLOUDSEC Best Practices for Security at Scale Best of the Best tips for Security
More informationWHITEPAPER. Security overview. podio.com
WHITEPAPER Security overview Podio security White Paper 2 Podio, a cloud service brought to you by Citrix, provides a secure collaborative work platform for team and project management. Podio features
More informationPass4test Certification IT garanti, The Easy Way!
Pass4test Certification IT garanti, The Easy Way! http://www.pass4test.fr Service de mise à jour gratuit pendant un an Exam : SOA-C01 Title : AWS Certified SysOps Administrator - Associate Vendor : Amazon
More informationComplete document security
DOCUMENT SECURITY Complete document security Protect your valuable data at every stage of your workflow Toshiba Security Solutions DOCUMENT SECURITY Without a doubt, security is one of the most important
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationXerox FreeFlow Print Server. Security White Paper. Secure solutions. for you and your customers
Xerox FreeFlow Print Server Security White Paper Secure solutions for you and your customers Executive Summary Why is security more important than ever? New government regulations have been implemented
More informationMcAfee MVISION Cloud. Data Security for the Cloud Era
McAfee MVISION Cloud Data Security for the Cloud Era McAfee MVISION Cloud protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It s cloud-native data
More informationOverview of AWS Security - Database Services
Overview of AWS Security - Database Services June 2016 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) 2016, Amazon Web Services, Inc. or its affiliates. All rights
More informationSecurity. ITM Platform
Security ITM Platform Contents Contents... 0 1. SaaS and On-Demand Environments... 1 1.1. ITM Platform configuration modes... 1 1.2. Server... 1 1.3. Application and Database... 2 1.4. Domain... 3 1.5.
More informationSecurity & Compliance in the AWS Cloud. Amazon Web Services
Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any
More informationThe Nasuni Security Model
White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationInformation Security Policy
Information Security Policy Information Security is a top priority for Ardoq, and we also rely on the security policies and follow the best practices set forth by AWS. Procedures will continuously be updated
More informationSecurity & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web
Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationCompliance with CloudCheckr
DATASHEET Compliance with CloudCheckr Introduction Security in the cloud is about more than just monitoring and alerts. To be truly secure in this ephemeral landscape, organizations must take an active
More informationOptiSol FinTech Platforms
OptiSol FinTech Platforms Payment Solutions Cloud enabled Web & Mobile Platform for Fund Transfer OPTISOL BUSINESS SOLUTIONS PRIVATE LIMITED #87/4, Arcot Road, Vadapalani, Chennai 600026, Tamil Nadu. India
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About CUSTOMER... Error! Bookmark not defined. Use Case Description... 3 Technical Stack... 3 AWS Architecture... Error! Bookmark not defined. AWS Solution Overview... 4 Risk Identified
More informationZumobi Brand Integration(Zbi) Platform Architecture Whitepaper Table of Contents
Zumobi Brand Integration(Zbi) Platform Architecture Whitepaper Table of Contents Introduction... 2 High-Level Platform Architecture Diagram... 3 Zbi Production Environment... 4 Zbi Publishing Engine...
More informationThis paper introduces the security policies, practices, and procedures of Lucidchart.
Lucidchart Security Abstract This paper introduces the security policies, practices, and procedures of Lucidchart. The paper lays out the architecture security of this software-as-a-service product. It
More informationStorage Made Easy. Providing an Enterprise File Fabric for INVESTOR NEWSLETTER ISSUE N 3
INVESTOR NEWSLETTER ISSUE N 3 Storage Made Easy Providing an Enterprise File Fabric for STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR OPENIO Storage Made Easy (SME) File Fabric is a comprehensive Enterprise
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationSimple Security for Startups. Mark Bate, AWS Solutions Architect
BERLIN Simple Security for Startups Mark Bate, AWS Solutions Architect Agenda Our Security Compliance Your Security Account Management (the keys to the kingdom) Service Isolation Visibility and Auditing
More informationAWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services
AWS Webinar Navigating GDPR Compliance on AWS Christian Hesse Amazon Web Services What is the GDPR? What is the GDPR? The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationBuilding Cloud Trust. Ioannis Stavrinides. Technical Evangelist MS Cyprus
Building Cloud Trust Ioannis Stavrinides Technical Evangelist MS Cyprus If you re resisting the cloud because of security concerns, you re running out of excuses. The question is no longer: How do I move
More informationHOW SNOWFLAKE SETS THE STANDARD WHITEPAPER
Cloud Data Warehouse Security HOW SNOWFLAKE SETS THE STANDARD The threat of a data security breach, someone gaining unauthorized access to an organization s data, is what keeps CEOs and CIOs awake at night.
More informationAvanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.
Avanan for G Suite Technical Overview Contents Intro 1 How Avanan Works 2 Email Security for Gmail 3 Data Security for Google Drive 4 Policy Automation 5 Workflows and Notifications 6 Authentication 7
More informationSignalFx Platform: Security and Compliance MARZENA FULLER. Chief Security Officer
SignalFx Platform: Security and Compliance MARZENA FULLER Chief Security Officer SignalFx Platform: Security and Compliance INTRODUCTION COMPLIANCE PROGRAM GENERAL DATA PROTECTION DATA SECURITY Data types
More informationTop. Reasons Legal Teams Select kiteworks by Accellion
Top 10 Reasons Legal Teams Select kiteworks by Accellion Accellion Legal Customers Include: Top 10 Reasons Legal Teams Select kiteworks kiteworks by Accellion enables legal teams to manage their increasing
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationSECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS
WHITE PAPER SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS The Challenges Of Securing AWS Access and How To Address Them In The Modern Enterprise Executive Summary When operating in Amazon Web Services
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationProviding an Enterprise File Share and Sync Solution for
Storage Made Easy Providing an Enterprise File Share and Sync Solution for Microsoft Azure Storage Storage Made Easy Enterprise File Share and Sync Solution for Microsoft Azure The Storage Made Easy (SME)
More informationStorage Made Easy. SoftLayer
Storage Made Easy Providing an Enterprise File Fabric for SoftLayer STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR SOFTLAYER The File Fabric is a comprehensive multi-cloud data security solution built on
More informationProtecting Your Cloud
WHITE PAPER Protecting Your Cloud Maximize security in cloud-based solutions EXECUTIVE SUMMARY With new cloud technologies introduced daily, security remains a key focus. Hackers and phishers capable of
More informationCrises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.
Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility
More informationAWS Security. Stephen E. Schmidt, Directeur de la Sécurité
AWS Security Stephen E. Schmidt, Directeur de la Sécurité 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express
More informationSAP Vora - AWS Marketplace Production Edition Reference Guide
SAP Vora - AWS Marketplace Production Edition Reference Guide 1. Introduction 2 1.1. SAP Vora 2 1.2. SAP Vora Production Edition in Amazon Web Services 2 1.2.1. Vora Cluster Composition 3 1.2.2. Ambari
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationWHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution
WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About Customer... 3 Use Case Description... 3 Technical Stack... 3 AWS Solution... 4 Security... 4 Benefits... 5 Scope This document provides a detailed use case study on Hosting GSP
More informationAWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE
AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE Education Edition 2018 1 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes
More informationCPM. Quick Start Guide V2.4.0
CPM Quick Start Guide V2.4.0 1 Content 1 Introduction... 3 Launching the instance... 3 CloudFormation... 3 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 4 CPM Server Configuration...
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationSecurity and Compliance at Mavenlink
Security and Compliance at Mavenlink Table of Contents Introduction....3 Application Security....4....4....5 Infrastructure Security....8....8....8....9 Data Security.... 10....10....10 Infrastructure
More informationSystem Security Features
System Security Features Overview Azeus Convene provides excellent user experience in holding meetings, as well as sharing, collaborating and accessing documents without compromising security. By using
More informationISACA Silicon Valley. APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems
ISACA Silicon Valley APIs The Next Hacker Target or a Business and Security Opportunity? Tim Mather, CISO Cadence Design Systems Why Should You Care About APIs? Because cloud and mobile computing are built
More informationGet the Most Out of GoAnywhere: Achieving Cloud File Transfers and Integrations
Get the Most Out of GoAnywhere: Achieving Cloud File Transfers and Integrations Today s Presenter Dan Freeman, CISSP Senior Solutions Consultant HelpSystems Steve Luebbe Director of Development HelpSystems
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationCloud Security Whitepaper
Cloud Security Whitepaper Sep, 2018 1. Product Overview 3 2. Personally identifiable information (PII) 3 Using Lookback without saving any PII 3 3. Security and privacy policy 4 4. Personnel security 4
More informationDatasheet. Only Workspaces delivers the features users want and the control that IT needs.
Datasheet Secure SECURE Enterprise ENTERPRISE File FILE Sync, SYNC, Sharing SHARING and AND Content CONTENT Collaboration COLLABORATION BlackBerry Workspaces makes enterprises more mobile and collaborative,
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationM2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres
M2M / IoT Security Eurotech`s Everyware IoT Security Elements Overview Robert Andres 23. September 2015 The Eurotech IoT Approach : E2E Overview Application Layer Analytics Mining Enterprise Applications
More informationXerox Audio Documents App
Xerox Audio Documents App Additional information, if needed, on one or more lines Month 00, 0000 Information Assurance Disclosure 2018 Xerox Corporation. All rights reserved. Xerox, Xerox,
More informationEXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
EXCERPT NIST Special Publication 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations An Excerpt Listing All: Security Requirement Families & Controls Security
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationKillTest *KIJGT 3WCNKV[ $GVVGT 5GTXKEG Q&A NZZV ]]] QORRZKYZ IUS =K ULLKX LXKK [VJGZK YKX\OIK LUX UTK _KGX
KillTest Q&A Exam : AWS-SysOps Title : AWS Certified SysOps Administrator Associate Version : Demo 1 / 4 1.A user has created photo editing software and hosted it on EC2. The software accepts requests
More informationHIPAA Compliance. with O365 Manager Plus.
HIPAA Compliance with O365 Manager Plus www.o365managerplus.com About HIPAA HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any
More informationAwareness Technologies Systems Security. PHONE: (888)
Awareness Technologies Systems Security Physical Facility Specifications At Awareness Technologies, the security of our customers data is paramount. The following information from our provider Amazon Web
More informationVillage Software. Security Assessment Report
Village Software Security Assessment Report Version 1.0 January 25, 2019 Prepared by Manuel Acevedo Helpful Village Security Assessment Report! 1 of! 11 Version 1.0 Table of Contents Executive Summary
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationStorage Made Easy. Mirantis
Storage Made Easy Providing an Enterprise File Fabric for Mirantis STORAGE MADE EASY ENTERPRISE FILE FABRIC FOR MIRANTIS The File Fabric is a comprehensive multi-cloud data security solution built on top
More informationCompliant. Secure. Dependable.
NAVIFY Cloud Security with the NAVIFY Tumor Board solution Compliant. Secure. Dependable. Trust that your oncology patients healthcare information stays protected. In the era of precision medicine, you
More informationPCI DSS and VNC Connect
VNC Connect security whitepaper PCI DSS and VNC Connect Version 1.2 VNC Connect security whitepaper Contents What is PCI DSS?... 3 How does VNC Connect enable PCI compliance?... 4 Build and maintain a
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationAUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE
AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE Table of Contents Dedicated Geo-Redundant Data Center Infrastructure 02 SSAE 16 / SAS 70 and SOC2 Audits 03 Logical Access Security 03 Dedicated
More informationIT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,
IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against
More informationDatabricks Enterprise Security Guide
Databricks Enterprise Security Guide 1 Databricks is committed to building a platform where data scientists, data engineers, and data analysts can trust that their data is secure. Through implementing
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationCisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th
Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationCompliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security
Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED
More informationUniversity of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017
University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017 Related Policies, Procedures, and Resources UAB Acceptable Use Policy, UAB Protection and Security Policy, UAB
More informationOnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems
OnCommand Cloud Manager 3.2 Deploying and Managing ONTAP Cloud Systems April 2017 215-12035_C0 doccomments@netapp.com Table of Contents 3 Contents Before you create ONTAP Cloud systems... 5 Logging in
More informationGetting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions
Getting ready for GDPR Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions GDPR Background Single EU-wide Regulation Harmonizes Global User Data Protection across
More informationPatient Information Security
Patient Information Security An overview of practice and procedure UK CAB Meeting 13th April 2012 Nathan Lea Senior Research Associate CHIME, UCL Overview - Questions that have been asked What happens
More information